Lucene search
K

721 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-19992 Malicious code in evil-npm-package (npm)

The package evil-npm-package was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-19993 Malicious code in evil-npm-package-tonghuaroot (npm)

The package evil-npm-package-tonghuaroot was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:52 a.m.8 views

CVE-2024-7408

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...

8.6CVSS6.4AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.8 views

CVE-2020-35931

An issue was discovered in Foxit Reader before 10.1.1 and before 4.1.1 on macOS and PhantomPDF before 9.7.5 and 10.x before 10.1.1 and before 4.1.1 on macOS. An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subty...

7.8CVSS6.8AI score0.02294EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:55 a.m.5 views

CVE-2018-6402

Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby...

7.5CVSS6.9AI score0.00235EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/05/09 12:15 p.m.5 views

CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS6.2AI score0.00309EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/04/11 4:23 p.m.6 views

CVE-2025-32076 Evil regex used to process user-provided data in VisualData

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43...

6.9CVSS6.6AI score0.00355EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2025/03/29 11:34 a.m.9 views

jst.co.uk Cross Site Scripting vulnerability OBB-4041097

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2025/03/06 7:8 p.m.3 views

MAL-2025-2208 Malicious code in evil_gem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1cbacc9bc6d36bcde7b6cb93df89df1fae5c8f70a841dc916a8ba6cdad2ff95 The OpenSSF Package Analysis project identified 'evilgem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.8 views

CVE-2025-0689

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size whi...

7.8CVSS7.5AI score0.0044EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.6 views

CVE-2025-0685

A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some o...

6.4CVSS7AI score0.00253EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.7 views

CVE-2025-1118

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

4.4CVSS6.1AI score0.00286EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.11 views

CVE-2025-0686

A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted...

6.4CVSS7.2AI score0.00253EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.7 views

CVE-2025-1125

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size...

7.8CVSS7.2AI score0.00371EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.4 views

CVE-2025-0677

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...

6.4CVSS7.3AI score0.00318EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.31 views

CVE-2025-0624

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS6.9AI score0.01373EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.6 views

CVE-2025-0622

A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If...

6.4CVSS6.6AI score0.00262EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.12 views

CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.6AI score0.00234EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.12 views

CVE-2025-0684

A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesyste...

6.4CVSS6.9AI score0.00251EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/02/18 6:0 p.m.8 views

CVE-2024-45776

When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data o...

6.7CVSS6.8AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder